Latest Legal and Regulatory news update - 31st July

Latest Legal and Regulatory news update - 31st July


In this issue:

Risk & Compliance

Financial services



Information Law & TMT


LexTalk®In-house: a Lexis®PSL community

Risk & Compliance

International data transfers

The European Data Protection Board (EDPB) has published Frequently Asked Questions following the judgment in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (Schrems II), Case C-311/18. The document answers questions regarding whether the decision has any implications on transfer tools other than the Privacy Shield, what should be done by parties who used Standard Contractual Clauses (SCCs) or Binding Corporate Rules with entities in the US, whether derogations contained in Article 49 of the General Data Protection Regulation, Regulation (EU) 2016/679, can be relied upon when transferring data to the US, and how a controller can know whether a processor who processes data for which the controller is responsible transfers data to the US or another third country. See: LNB News 01/01/0001 2635.

The ICO has published an updated statement on Schrems II. The ICO states: ‘This judgment has wider implications than just the invalidation of the EU-US Privacy Shield. It is a judgment that confirms the importance of safeguards for personal data transferred out of the UK.’ The ICO also confirmed that the EDPB’s FAQs (see above) apply to UK controllers and processors. As such, a risk assessment should be conducted to determine whether SCCs provide enough protection within the local legal framework for international transfers. The ICO is continuing to take a ‘risk-based and proportionate approach’ to discharging its regulatory role. See: LNB News 28/07/2020 2.

You can expect your organisation’s privacy notices to be more closely scrutinised in relation to transfers of personal data outside the UK/EEA. See updated Precedents: Privacy policy—general commercial organisation—customer-facing and Privacy policy—law firms and professional services.

Coronavirus (COVID-19)

The Department of Health and Social Care has released guidance on how to recognise, contain and

Subscription Form

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Related Articles:
Latest Articles:

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author:
Allison is a former partner of Shoosmiths, with extensive experience of legal management and practice compliance.